Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security

2 Guide to Operating System Security Objectives Implement directory, folder, and file security Configure shared resource security, using share permissions in Windows 2000/XP/2003 Use groups to implement security Troubleshoot security

3 Guide to Operating System Security Directory, Folder, and File Security (Continued) Access control lists (security descriptors) associate users and groups with specific access capabilities ACL components  Discretionary access control list (DACL)  System access control list (SACL)

4 Guide to Operating System Security Directory, Folder, and File Security (Continued) Categories of information in an ACL  User accounts that can access the object  Rights and permissions that determine level of access  Ownership of the object  Whether specific events associated with an object are to be audited

5 Guide to Operating System Security Windows 2000/XP/2003 Folder and File Security Use attributes and permissions – related to file system used with the OS NTFS is better than FAT16 or FAT32  Able to set standard and special permissions  Supports use of EFS  Enables disk quotas to be set

6 Guide to Operating System Security Configuring Folder and File Attributes Attributes in FAT16, FAT32, and NTFS are stored as header information Attributes available in FAT16/FAT32- formatted disks  Read-only  Hidden  Archive

7 Guide to Operating System Security Configuring Folder and File Attributes

8 Guide to Operating System Security NFTS Security Attributes Read-only Hidden Archive Index Compress Encrypt

9 Guide to Operating System Security NFTS Security

10 Guide to Operating System Security Configuring Folder and File Permissions Use Add and Remove buttons on folder properties Security tab to change which users and groups have permission Modify existing permissions by clicking on the group and checking or removing checks in Allow and Deny columns

11 Guide to Operating System Security Configuring Folder and File Permissions

12 Guide to Operating System Security Folder and File Permissions Supported by NTFS

13 Guide to Operating System Security Configuring Inheritable Permissions

14 Guide to Operating System Security UNIX and Linux Directory and File Security (Continued) Permissions  Read (r)  Write (w)  Execute (x) Special permissions for executable programs  Set User ID (SUID)  Set Group ID (SGID)

15 Guide to Operating System Security UNIX and Linux Directory and File Security (Continued) Permissions criteria  Ownership (o)  Group membership (g)  Other (o)  All (a) Use chmod command to set up permissions  Symbolic format  Octal format Use chown command to change ownership

16 Guide to Operating System Security Viewing Permissions Settings

17 Guide to Operating System Security Red Hat Linux 9.x System Directories

18 Guide to Operating System Security NetWare 6.x Directory and File Security Access controlled through:  Attributes associated with files and directories  Access rights granted to trustees

19 Guide to Operating System Security NetWare Directory Attributes

20 Guide to Operating System Security NetWare File Attributes (Continued)

21 Guide to Operating System Security NetWare File Attributes (Continued)

22 Guide to Operating System Security NetWare Directory Attributes

23 Guide to Operating System Security NetWare Access Rights

24 Guide to Operating System Security NetWare Access Rights

25 Guide to Operating System Security NetWare Trustee Rights

26 Guide to Operating System Security Mac OS X Folder and File Security Ways to configure file and folder permissions  Command-line commands  Set Get Info properties of a file

27 Guide to Operating System Security Using Command-Line Commands in Mac OS X

28 Guide to Operating System Security Configuring Ownership & Permission for a Mac OS x File

29 Guide to Operating System Security Mac OS X Get Info Folder and File Permissions

30 Guide to Operating System Security Shared Resource Security Sharing or accessing resources – directories, folders, files, and printers – over a network  Windows 2000/XP/2003  Red Hat Linux 9.x  NetWare 6.x  Mac OS X

31 Guide to Operating System Security Sharing Resources in Windows 2000/XP/2003 Use share permissions Protecting a shared folder  Full Control  Change  Read Protecting a shared printer

32 Guide to Operating System Security Protecting a Shared Folder

33 Guide to Operating System Security Protecting a Shared Printer Print Manage Documents Manage Printers Special Permissions  Read  Change  Take Ownership

34 Guide to Operating System Security Sharing Resources in Red Hat Linux 9.x Enable access through:  Telnet and FTP Use with Secure Shell capabilities  Network File System (NFS) Protecting directory resources Protecting printer resources  Queue-based printing  Novell Distributed Print Services (NDPS)

35 Guide to Operating System Security Sharing Resources in NetWare 6.x Protecting directory resources  Mapping and search mapping Protects through attributes and trustee access rights Protecting printer resources

36 Guide to Operating System Security NetWare Drive Mappings

37 Guide to Operating System Security Sharing Resources in Mac OS X Enable access through System Preferences Protecting a shared folder Protecting a shared printer

38 Guide to Operating System Security Using Security Groups Group together accounts that have similar characteristics Eliminates repetitive steps in managing user and resource access

39 Guide to Operating System Security Using Groups in Windows 2000/XP/2003 Related to concept of scope of influence Types; used for security and distribution groups  Local  Domain local  Global  Universal

40 Guide to Operating System Security Implementing Local Groups Used to manage resources in Windows 2000/XP Professional

41 Guide to Operating System Security Implementing Local Groups

42 Guide to Operating System Security Implementing Domain Local Groups Used when Active Directory is deployed Used to manage resources in a domain Give access to global groups from the same/other domains access to those resources

43 Guide to Operating System Security Implementing Domain Local Groups

44 Guide to Operating System Security Implementing Global Groups Intended to contain user accounts from single domain Can be set up as member of a domain local group in same or other domain

45 Guide to Operating System Security Implementing Global Groups

46 Guide to Operating System Security Implementing Universal Groups Spans domains and trees within a Windows Active Directory forest

47 Guide to Operating System Security Guidelines for Using Groups Global groups  Hold accounts as members Domain local groups  Provide access to resources in a specific domain Universal groups  Provide extensive access to resources

48 Guide to Operating System Security Using Groups in Red Hat Linux 9.x Assign each group a unique group identification number (GID) Assign permissions to access resources to the group

49 Guide to Operating System Security Using Groups in NetWare 6.x Create groups with ConsoleOne tool Configure trustee access rights for the group Assign accounts to the group Assign specific login script to the group

50 Guide to Operating System Security Using Groups in Mac OS X Automatically managed and assigned by the operating system

51 Guide to Operating System Security Troubleshooting Security Windows XP Professional and Windows Server 2003  View the effective permissions NetWare 6.x  View the effective rights

52 Guide to Operating System Security Viewing Effective Rights in NetWare 6.x

53 Guide to Operating System Security Summary How to configure directory, folder, and file security for Windows 2000/XP/2003, Linux 9.x, Netware 6.x, and Mac OS X How to fine-tune security for common and unique circumstances Specialized share permissions for Windows- based systems; used when folders are shared across a network through FAT16/32 and NTFS continued …

54 Guide to Operating System Security Summary How to configure and use security groups to manage access to shared resources How to use effective permissions and effective rights tools in Windows XP/2003 and NetWare 6.x to ensure that directory, folder, and file security is properly set and that there are no security holes